Has anyone run into any pitfalls when using a kubernetes cluster in production?


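We have already deployed a low-traffic microservice on a kubernetes cluster in production and have not found any problems so far, but I am still worried that pitfalls may appear later when we deploy at scale, because Google itself does not seem to use it (I am not quite sure either). I am now hesitating over whether to consider the more mature mesos/marathon architecture.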

Does anyone have good suggestions or hands-on experience? Thanks!

iT2afL0rd - DevOps Lead at TrendMicro

Upvoted by: wulonghui zhuwz


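We are also preparing to go to production at the end of the year. Generally speaking, problems tend to be environment-specific, so other people's experience does not apply that well. I would still recommend thoroughly digesting the k8s documentation.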

ouyangchangyou

Upvoted by: 颦_ uuu3


Let me ask: is the problem below caused by my not being able to reach https://gcr.io? Is there a solution? Thanks!
[root@localhost kubernetes]# kubectl get pods
NAME READY STATUS RESTARTS AGE
my-nginx-bv9ft 0/1 Image: nginx is not ready on the node 0 10m
my-nginx-dryu8 0/1 Image: nginx is not ready on the node 0 10m
[root@localhost kubernetes]# kubectl describe pods/my-nginx-bv9ft

Wed, 04 Nov 2015 19:32:47 +0800 Wed, 04 Nov 2015 19:41:52 +0800 5 {kubelet 127.0.0.1} failedSync Error syncing pod, skipping: image pull failed for gcr.io/google_containers/pause:0.8.0, this may be because there are no credentials on this request. details: (API error (500): invalid registry endpoint https://gcr.io/v0/: unable to ping registry endpoint https://gcr.io/v0/v2 ping attempt failed with error: Get https://gcr.io/v2/: dial tcp 74.125.130.82:443: i/o timeout v1 ping attempt failed with error: Get https://gcr.io/v1/_ping: dial tcp 74.125.130.82:443: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry gcr.io to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/gcr.io/ca.crt

wulonghui - PaaS Engineer



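We are planning to use k8s and will go to production at the end of the year. So far we have not found any major flaws; networking may be something to watch out for. Also, mesos is not designed specifically for containers, and k8s is also deeply customized; in the long run I recommend k8s.
k8s v1 has now been released and is suitable for production.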
